General

  • Target

    7c1a8c64e735e29111ad5a448fc01545e64838a9e08ac2fa8956d8f15b2e21f5N

  • Size

    3.2MB

  • MD5

    4d8f4d308992a3f0c08ff13e38589a20

  • SHA1

    6041a7d0d07f6a0e317c3494ba79872b817759e5

  • SHA256

    7c1a8c64e735e29111ad5a448fc01545e64838a9e08ac2fa8956d8f15b2e21f5

  • SHA512

    3df70ce2da34273188f6c82c00faad503d3fb9dca576128f6c72a368dad425258db2da16c7129f4c0131102789e71173290f5d072baee594b76ac88c911589d4

  • SSDEEP

    49152:nX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQei:nlRsZ47/QXoHUOfAoj1h

Score
10/10

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    Temp

  • C2

    http://172.236.83.83:443/agent.ashx

Attributes
  • mesh_id

    0x0E45A78A5F16DBAF8BD2473CB202223C235E18699BFDD8E4C3C82A1BEA3E777130DDB6734BFB33833460E51A59F0362A

  • server_id

    A3E8310746BD426DA323726ABC4AD08369CE25D636E124043B71652574208BC63CD1F25F6301779C8B948CFA14A53E6B

  • wss

    wss://172.236.83.83:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 7c1a8c64e735e29111ad5a448fc01545e64838a9e08ac2fa8956d8f15b2e21f5N
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476

